Linux Security

    Debian: DSA-4843-1: linux security update

    Date 01 Feb 2021
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4843-1
    https://www.debian.org/security/                     Salvatore Bonaccorso
    February 01, 2021                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374
                     CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661
                     CVE-2020-36158 CVE-2021-3347 CVE-2021-20177
    Debian Bug     : 970736 972345 977048 977615
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2020-27815
    
        A flaw was reported in the JFS filesystem code allowing a local
        attacker with the ability to set extended attributes to cause a
        denial of service.
    
    CVE-2020-27825
    
        Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace
        ring buffer resizing logic due to a race condition, which could
        result in denial of service or information leak.
    
    CVE-2020-27830
    
        Shisong Qin reported a NULL pointer dereference flaw in the Speakup
        screen reader core driver.
    
    CVE-2020-28374
    
        David Disseldorp discovered that the LIO SCSI target implementation
        performed insufficient checking in certain XCOPY requests. An
        attacker with access to a LUN and knowledge of Unit Serial Number
        assignments can take advantage of this flaw to read and write to any
        LIO backstore, regardless of the SCSI transport settings.
    
    CVE-2020-29568 (XSA-349)
    
        Michael Kurth and Pawel Wieczorkiewicz reported that frontends can
        trigger OOM in backends by updating a watched path.
    
    CVE-2020-29569 (XSA-350)
    
        Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free
        flaw which can be triggered by a block frontend in Linux blkback. A
        misbehaving guest can trigger a dom0 crash by continuously
        connecting / disconnecting a block frontend.
    
    CVE-2020-29660
    
        Jann Horn reported a locking inconsistency issue in the tty
        subsystem which may allow a local attacker to mount a
        read-after-free attack against TIOCGSID.
    
    CVE-2020-29661
    
        Jann Horn reported a locking issue in the tty subsystem which can
        result in a use-after-free. A local attacker can take advantage of
        this flaw for memory corruption or privilege escalation.
    
    CVE-2020-36158
    
        A buffer overflow flaw was discovered in the mwifiex WiFi driver
        which could result in denial of service or the execution of
        arbitrary code via a long SSID value.
    
    CVE-2021-3347
    
        It was discovered that PI futexes have a kernel stack use-after-free
        during fault handling. An unprivileged user could use this flaw to
        crash the kernel (resulting in denial of service) or for privilege
        escalation.
    
    CVE-2021-20177
    
        A flaw was discovered in the Linux implementation of string matching
        within a packet. A privileged user (with root or CAP_NET_ADMIN) can
        take advantage of this flaw to cause a kernel panic when inserting
        iptables rules.
    
    For the stable distribution (buster), these problems have been fixed in
    version 4.19.171-2.
    
    We recommend that you upgrade your linux packages.
    
    For the detailed security status of linux please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/linux
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    